Falco
Falco is the open source standard for runtime security for hosts, containers, Kubernetes and the cloud. Get real-time visibility into unexpected behaviors, config changes, intrusions, and data theft.
Secure containerized applications, no matter what scale, using the power of eBPF. Protect your applications in real time wherever they run, whether bare metal or VMs. Falco is Kubernetes-compatible, helping you instantly detect suspicious activity across the control plane. Detect intrusions in real time across your cloud, from AWS, GCP or Azure, to Okta, GitHub and beyond. Falco detects threats across containers, Kubernetes, hosts and cloud services. Falco provides streaming detection of unexpected behavior, configuration changes, and attacks. A multi-vendor and broadly supported standard that you can rely on.
Constellation
Constellation is a CNCF-certified Kubernetes distribution that leverages confidential computing to encrypt and isolate entire clusters, protecting data at rest, in transit, and during processing, by running control and worker planes within hardware-enforced trusted execution environments. It ensures workload integrity through cryptographic certificates and supply-chain security mechanisms (SLSA Level 3, sigstore-based signing), passes Center for Internet Security Kubernetes benchmarks, and uses Cilium with WireGuard for granular eBPF traffic control and end-to-end encryption. Designed for high availability and autoscaling, Constellation delivers near-native performance on all major clouds and supports rapid setup via a simple CLI and kubeadm interface. It implements Kubernetes security updates within 24 hours, offers hardware-backed attestation and reproducible builds, and integrates seamlessly with existing DevOps tools through standard APIs.
Cilium
Cilium is open-source, cloud-native software for providing, securing and observing network connectivity between container workloads, fueled by the revolutionary kernel technology eBPF. Kubernetes doesn't come with an implementation of load balancing. This is usually left as an exercise for your cloud provider or, in private cloud environments, for your networking team. Cilium can attract this traffic with BGP and accelerate it using XDP and eBPF. Together these technologies provide a very robust and secure implementation of load balancing. Cilium and eBPF operate at the kernel layer. With this level of context, Cilium can make intelligent decisions about how to connect different workloads, whether on the same node or between clusters. With eBPF and XDP, Cilium enables significant improvements in latency and performance and eliminates the need for kube-proxy entirely.
dstack
dstack is an orchestration layer designed for modern ML teams, providing a unified control plane for development, training, and inference on GPUs across cloud, Kubernetes, or on-prem environments. By simplifying cluster management and workload scheduling, it eliminates the complexity of Helm charts and Kubernetes operators. The platform supports both cloud-native and on-prem clusters, with quick connections via Kubernetes or SSH fleets. Developers can spin up containerized environments that link directly to their IDEs, streamlining the machine learning workflow from prototyping to deployment. dstack also enables seamless scaling from single-node experiments to distributed training while optimizing GPU usage and costs. With secure, auto-scaling endpoints compatible with OpenAI standards, it empowers teams to deploy models quickly and reliably.